The listing of claims will replace all prior versions, and listings, of claims in the application:

Listing of Claims:
Claims as Pending:

1. (Currently amended) A method of providing a protected execution environment on a computer comprising:

categorizing each application installed on the computer as authorized or not authorized to modify the protected execution environment;

intercepting an input/output request for a file from an application;

determining if the application is authorized to modify the protected execution environment;

creating a redirected input/output request to an alternate environment when the application is not authorized to modify the protected execution environment and the file is within the protected execution environment; and

submitting the redirected input/output request to a file system manager.



2. (Original) The method of claim 1 further comprising:

allowing the redirected input/output request to continue when it is intercepted.



Attorney Docket No.: 4344P003




3. (Original) The method of claim 1 further comprising:

creating the protected execution environment. 

4. (Original) The method of claim 1 wherein the protected execution environment comprises a directory for each of the applications that is authorized to modify the protected execution environment.



5. (Canceled) 

6. (Original) The method of claim 1 wherein the alternate environment comprises a directory associated with an application that is not authorized to modify the protected execution environment.

7. (Original) The method of claim 1 wherein the redirected input/output request specifies a directory in the alternate environment that corresponds to a directory in the protected execution environment specified in the input/output request.

8. (Original) The method of claim 1, wherein a parent-child relationship is maintained between an application that invokes another application.

9. (Original) The method of claim 1, wherein determining if the application is authorized to modify the protected execution environment comprises:

designating the application as not authorized to modify the protected execution environment if the application was invoked by another application that is not authorized to modify the protected execution environment.

10. (Original) The method of claim 1, further comprising:

creating a null entry in a mirror directory structure for an executable for each application authorized to modify the protected execution environment,

wherein determining if the application is authorized to modify the protected execution environment comprises:

querying the existence of the executable for the application in the mirror directory structure.



11. (Original) The method of claim 10, further comprising:

maintaining an association between an executing application and a directory path for the executable for the executing application,

wherein querying for the existence of the executable in the mirror data structure comprises:

specifying the directory path for the executable associated with the executing application.

12. (Currently amended) A method for operating a computer system with a protected execution environment comprising:

executing a configuration utility to categorize a plurality of applications installed on the computer system as authorized or not authorized to modify the protected execution environment;

defining the protected execution environment based on the authorized applications; and

installing a protected execution agent in a file system to intercept input/output requests submitted by the applications, wherein the protected execution agent directs an input/output request to an alternate environment if the application that submitted the request is not authorized and the request is directed to the protected execution environment, and wherein the alternate environment is defined by the configuration utility when categorizing the plurality of applications.

13. (Original) The method of claim 12 wherein the configuration utility defines the protected execution environment when categorizing the plurality of applications.

14. (Original) The method of claim 12 wherein the alternate environment is defined based on at least one application that is not authorized.



15. (Canceled) 

16. (Original) The method of claim 12, wherein the configuration utility further creates a null entry in a mirror directory structure for an executable for each authorized application and the protected execution agent further queries the existence of the executable for an executing application in the mirror directory structure to determine if the application is authorized.

17. (Original) The method of claim 16, wherein the protected execution agent further maintains an association between the executing application and a directory path for the executable for the executing application.

18. (Original) The method of claim 12, wherein the protected execution agent designates a second application as not authorized if it was invoked by a first application that is not authorized.

19. (Original) The method of claim 18, wherein the protected execution agent maintains a parent-child relationship between the first and second applications.

20. (Original) The method of claim 12, wherein the protected execution agent is installed in a hook chain in a file system manager to intercept the input/output requests before the requests are processed by any other agent installed in the hook chain.

21. (Original) The method of claim 12, wherein the configuration utility is executed prior to providing the computer system to a user and the protected execution agent is installed each time the computer system is booted.

22. (Original) The method of claim 12, further comprising: 

saving a copy of the protected execution environment; and 

recovering from a failure of the computer system by replacing the protected execution environment with the copy.

23. (Original) The method of claim 22, wherein the copy is saved on the computer system in a secure location.

24. (Original) The method of claim 22, wherein the copy is saved on a remote computer server and downloaded to the computer system.

25. (Currently amended) A method of determining a category for an application on a computer comprising:

categorizing the application as a first type;

creating a directory in a second directory structure for the application when it is a first type, wherein the second directory structure mirrors a first directory structure that contains an executable for the application;

creating a null entry for the executable for the application in the directory in the second directory structure when the application is the first type; and

querying the existence of the executable for the application in the second directory structure, wherein the application is determined to be the first type when the executable exists.

26. (Currently amended) A computer-readable medium having stored thereon computer-executable instructions for performing a method comprising:

categorizing each application installed on the computer as authorized or not authorized to modify the protected execution environment;

intercepting an input/output request for a file from an application;

determining if the application is authorized to modify the protected execution environment;

creating a redirected input/output request to an alternate environment when the application is not authorized to modify the protected execution environment and the file is within the protected execution environment; and

submitting the redirected input/output request to a file system manager.

27. (Original) The computer-readable medium of claim 26 having further computer-readable instructions comprising:

allowing the redirected input/output request to continue when it is intercepted.



28. (Canceled) 

29. (Original) The computer-readable medium of claim 26 having further computer- 
readable instructions comprising: 

creating the protected execution environment from a directory for each of the applications that is authorized to modify the protected execution environment.



30. (Original) The computer-readable medium of claim 26 having further computer- 
readable instructions comprising: 

creating the alternate environment from a directory associated with an application that is not authorized to modify the protected execution environment.



31. (Original) The computer-readable medium of claim 26 having further computer-readable instructions comprising:

storing a directory path specified in the input/output request in the redirected input/output request to direct the request to a corresponding directory path in the alternate environment.






32. (Original) The computer-readable medium of claim 26 having further computer-readable instructions comprising:

maintaining a parent-child data structure to track between relationships between applications that invoke other applications.

33. (Original) The computer-readable medium of claim 26 having further computer-readable instructions comprising:

designating the application as not authorized to modify the protected execution environment if the application was invoked by another application that is not authorized to modify the protected execution environment.

34. (Original) The computer-readable medium of claim 26 having further computer-readable instructions comprising:

creating a null entry in a mirror directory structure for an executable for each application authorized to modify the protected execution environment; and

querying the existence of the executable for the application in the mirror directory structure when determining if the application is authorized to modify the protected execution environment.

35. (Original) The computer-readable medium of claim 34 having further computer-readable instructions comprising:

maintaining an association between an executing application and a directory path for the executable for the executing application; and

specifying the directory path for the executable associated with the executing application when querying for the existence of the executable in the mirror data structure.



36. (Currently amended) A computer system comprising:

a processing unit;

a memory coupled to the processing unit through a system bus;

a computer-readable medium coupled to the processing through the system bus; and

a protected environment agent executing from the computer-readable medium, wherein the protected environment agent causes the processing unit to intercept input/output requests submitted by applications executing on the computer system, and further causes the processing unit to redirect each input/output request to an alternate environment if the application that submitted the request is not authorized to modify a protected execution environment and the request is directed to the protected execution environment and further categorizes each application installed on the computer as authorized or not authorized to modify the protected execution environment.

37. (Original) The computer system of claim 36 further comprising:

a configuration utility executing from the computer-readable medium, wherein the configuration utility causes the processing unit to categorize each application installed on the computer system as authorized or not authorized to modify the protected execution environment and further to cause the processing unit to define the protected execution environment to contain directories associated with the authorized applications.



38. (New) A computer system comprising:

a first means for processing;

a second means coupled to the first means through a system bus;

a third means coupled to the first means through the system bus; and

a fourth means for executing from the computer-readable medium, wherein the fourth means causes the first means to intercept input/output requests submitted by applications executing on the computer system, causes the first means to redirect each input/output request to an alternate environment if the application that submitted the request is not authorized to modify a protected execution environment and the request is directed to the protected execution environment and further categorizes each application installed on the computer as authorized or not authorized to modify the protected execution environment.
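
Added illustration, not part of the filing or of any product: a user-space Python model of the decision logic recited in claims 1 and 7 through 11 (null entries in a mirror directory structure, inheritance of the unauthorized status from the invoking application, and redirection to the corresponding directory in the alternate environment). The class, method, and directory names are hypothetical, and the sample layout is constructed; an actual agent would sit in the file system hook chain of claim 20.

```python
import os
import tempfile

class ProtectedExecutionAgent:
    """Decision logic of the claimed agent; class and method names are hypothetical."""
    def __init__(self, protected, alternate, mirror):
        self.protected, self.alternate, self.mirror = map(os.path.realpath, (protected, alternate, mirror))
        self.procs = {}  # pid -> (executable path, parent pid), claims 8 and 11

    def _null_entry(self, exe):
        # Mirror structure: same directory path as the executable, under self.mirror.
        tail = os.path.splitdrive(os.path.realpath(exe))[1].lstrip("\\/")
        return os.path.join(self.mirror, tail)

    def authorize(self, exe):
        # Configuration step (claim 10): zero-length entry marks an authorized executable.
        os.makedirs(os.path.dirname(self._null_entry(exe)), exist_ok=True)
        open(self._null_entry(exe), "wb").close()

    def launch(self, pid, exe, parent=None):
        self.procs[pid] = (exe, parent)

    def is_authorized(self, pid):
        # Claim 9: an unauthorized ancestor makes the invoked application unauthorized.
        while pid is not None:
            exe, pid = self.procs[pid]
            if not os.path.isfile(self._null_entry(exe)):
                return False
        return True

    def route(self, pid, path):
        # Returns the path to submit to the file system manager (claims 1 and 7).
        path = os.path.realpath(path)  # canonicalize so ".." cannot dodge the check
        inside = os.path.commonpath([path, self.protected]) == self.protected
        if inside and not self.is_authorized(pid):
            return os.path.join(self.alternate, os.path.relpath(path, self.protected))
        return path

def demo():  # constructed layout; pid 3 is office.exe invoked by game.exe
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.realpath(tmp)
        agent = ProtectedExecutionAgent(*(os.path.join(base, d) for d in ("prot", "alt", "mirror")))
        office, game = (os.path.join(base, p) for p in ("prot/office/office.exe", "games/game.exe"))
        agent.authorize(office)
        for pid, exe, parent in ((1, office, None), (2, game, None), (3, office, 2)):
            agent.launch(pid, exe, parent)
        target = os.path.join(base, "prot", "office", "..", "office", "cfg.ini")
        requests = [(1, target), (2, target), (3, target), (2, os.path.join(base, "games", "save.dat"))]
        return [os.path.relpath(agent.route(p, f), base).replace(os.sep, "/") for p, f in requests]
```

`demo()` returns the routed path for each request relative to the temporary base directory: the authorized process keeps the protected path, the unauthorized process and its child are sent to the alternate environment, and a request outside the protected environment passes through unchanged.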